1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*  Xenbus code for blkif backend
3     Copyright (C) 2005 Rusty Russell <rusty@rustcorp.com.au>
4     Copyright (C) 2005 XenSource Ltd
5 
6 
7 */
8 
9 #define pr_fmt(fmt) "xen-blkback: " fmt
10 
11 #include <linux/module.h>
12 #include <linux/kthread.h>
13 #include <linux/pagemap.h>
14 #include <xen/events.h>
15 #include <xen/grant_table.h>
16 #include "common.h"
17 
18 /* On the XenBus the max length of 'ring-ref%u'. */
19 #define RINGREF_NAME_LEN (20)
20 
21 struct backend_info {
22 	struct xenbus_device	*dev;
23 	struct xen_blkif	*blkif;
24 	struct xenbus_watch	backend_watch;
25 	unsigned		major;
26 	unsigned		minor;
27 	char			*mode;
28 };
29 
30 static struct kmem_cache *xen_blkif_cachep;
31 static void connect(struct backend_info *);
32 static int connect_ring(struct backend_info *);
33 static void backend_changed(struct xenbus_watch *, const char *,
34 			    const char *);
35 static void xen_blkif_free(struct xen_blkif *blkif);
36 static void xen_vbd_free(struct xen_vbd *vbd);
37 
38 struct xenbus_device *xen_blkbk_xenbus(struct backend_info *be)
39 {
40 	return be->dev;
41 }
42 
43 /*
44  * The last request could free the device from softirq context and
45  * xen_blkif_free() can sleep.
46  */
47 static void xen_blkif_deferred_free(struct work_struct *work)
48 {
49 	struct xen_blkif *blkif;
50 
51 	blkif = container_of(work, struct xen_blkif, free_work);
52 	xen_blkif_free(blkif);
53 }
54 
55 static int blkback_name(struct xen_blkif *blkif, char *buf)
56 {
57 	char *devpath, *devname;
58 	struct xenbus_device *dev = blkif->be->dev;
59 
60 	devpath = xenbus_read(XBT_NIL, dev->nodename, "dev", NULL);
61 	if (IS_ERR(devpath))
62 		return PTR_ERR(devpath);
63 
64 	devname = strstr(devpath, "/dev/");
65 	if (devname != NULL)
66 		devname += strlen("/dev/");
67 	else
68 		devname  = devpath;
69 
70 	snprintf(buf, TASK_COMM_LEN, "%d.%s", blkif->domid, devname);
71 	kfree(devpath);
72 
73 	return 0;
74 }
75 
76 static void xen_update_blkif_status(struct xen_blkif *blkif)
77 {
78 	int err;
79 	char name[TASK_COMM_LEN];
80 	struct xen_blkif_ring *ring;
81 	int i;
82 
83 	/* Not ready to connect? */
84 	if (!blkif->rings || !blkif->rings[0].irq || !blkif->vbd.bdev)
85 		return;
86 
87 	/* Already connected? */
88 	if (blkif->be->dev->state == XenbusStateConnected)
89 		return;
90 
91 	/* Attempt to connect: exit if we fail to. */
92 	connect(blkif->be);
93 	if (blkif->be->dev->state != XenbusStateConnected)
94 		return;
95 
96 	err = blkback_name(blkif, name);
97 	if (err) {
98 		xenbus_dev_error(blkif->be->dev, err, "get blkback dev name");
99 		return;
100 	}
101 
102 	err = sync_blockdev(blkif->vbd.bdev);
103 	if (err) {
104 		xenbus_dev_error(blkif->be->dev, err, "block flush");
105 		return;
106 	}
107 	invalidate_inode_pages2(blkif->vbd.bdev->bd_inode->i_mapping);
108 
109 	for (i = 0; i < blkif->nr_rings; i++) {
110 		ring = &blkif->rings[i];
111 		ring->xenblkd = kthread_run(xen_blkif_schedule, ring, "%s-%d", name, i);
112 		if (IS_ERR(ring->xenblkd)) {
113 			err = PTR_ERR(ring->xenblkd);
114 			ring->xenblkd = NULL;
115 			xenbus_dev_fatal(blkif->be->dev, err,
116 					"start %s-%d xenblkd", name, i);
117 			goto out;
118 		}
119 	}
120 	return;
121 
122 out:
123 	while (--i >= 0) {
124 		ring = &blkif->rings[i];
125 		kthread_stop(ring->xenblkd);
126 	}
127 	return;
128 }
129 
130 static int xen_blkif_alloc_rings(struct xen_blkif *blkif)
131 {
132 	unsigned int r;
133 
134 	blkif->rings = kcalloc(blkif->nr_rings, sizeof(struct xen_blkif_ring),
135 			       GFP_KERNEL);
136 	if (!blkif->rings)
137 		return -ENOMEM;
138 
139 	for (r = 0; r < blkif->nr_rings; r++) {
140 		struct xen_blkif_ring *ring = &blkif->rings[r];
141 
142 		spin_lock_init(&ring->blk_ring_lock);
143 		init_waitqueue_head(&ring->wq);
144 		INIT_LIST_HEAD(&ring->pending_free);
145 		INIT_LIST_HEAD(&ring->persistent_purge_list);
146 		INIT_WORK(&ring->persistent_purge_work, xen_blkbk_unmap_purged_grants);
147 		gnttab_page_cache_init(&ring->free_pages);
148 
149 		spin_lock_init(&ring->pending_free_lock);
150 		init_waitqueue_head(&ring->pending_free_wq);
151 		init_waitqueue_head(&ring->shutdown_wq);
152 		ring->blkif = blkif;
153 		ring->st_print = jiffies;
154 		ring->active = true;
155 	}
156 
157 	return 0;
158 }
159 
160 /* Enable the persistent grants feature. */
161 static bool feature_persistent = true;
162 module_param(feature_persistent, bool, 0644);
163 MODULE_PARM_DESC(feature_persistent, "Enables the persistent grants feature");
164 
165 static struct xen_blkif *xen_blkif_alloc(domid_t domid)
166 {
167 	struct xen_blkif *blkif;
168 
169 	BUILD_BUG_ON(MAX_INDIRECT_PAGES > BLKIF_MAX_INDIRECT_PAGES_PER_REQUEST);
170 
171 	blkif = kmem_cache_zalloc(xen_blkif_cachep, GFP_KERNEL);
172 	if (!blkif)
173 		return ERR_PTR(-ENOMEM);
174 
175 	blkif->domid = domid;
176 	atomic_set(&blkif->refcnt, 1);
177 	init_completion(&blkif->drain_complete);
178 
179 	/*
180 	 * Because freeing back to the cache may be deferred, it is not
181 	 * safe to unload the module (and hence destroy the cache) until
182 	 * this has completed. To prevent premature unloading, take an
183 	 * extra module reference here and release only when the object
184 	 * has been freed back to the cache.
185 	 */
186 	__module_get(THIS_MODULE);
187 	INIT_WORK(&blkif->free_work, xen_blkif_deferred_free);
188 
189 	return blkif;
190 }
191 
192 static int xen_blkif_map(struct xen_blkif_ring *ring, grant_ref_t *gref,
193 			 unsigned int nr_grefs, unsigned int evtchn)
194 {
195 	int err;
196 	struct xen_blkif *blkif = ring->blkif;
197 	const struct blkif_common_sring *sring_common;
198 	RING_IDX rsp_prod, req_prod;
199 	unsigned int size;
200 
201 	/* Already connected through? */
202 	if (ring->irq)
203 		return 0;
204 
205 	err = xenbus_map_ring_valloc(blkif->be->dev, gref, nr_grefs,
206 				     &ring->blk_ring);
207 	if (err < 0)
208 		return err;
209 
210 	sring_common = (struct blkif_common_sring *)ring->blk_ring;
211 	rsp_prod = READ_ONCE(sring_common->rsp_prod);
212 	req_prod = READ_ONCE(sring_common->req_prod);
213 
214 	switch (blkif->blk_protocol) {
215 	case BLKIF_PROTOCOL_NATIVE:
216 	{
217 		struct blkif_sring *sring_native =
218 			(struct blkif_sring *)ring->blk_ring;
219 
220 		BACK_RING_ATTACH(&ring->blk_rings.native, sring_native,
221 				 rsp_prod, XEN_PAGE_SIZE * nr_grefs);
222 		size = __RING_SIZE(sring_native, XEN_PAGE_SIZE * nr_grefs);
223 		break;
224 	}
225 	case BLKIF_PROTOCOL_X86_32:
226 	{
227 		struct blkif_x86_32_sring *sring_x86_32 =
228 			(struct blkif_x86_32_sring *)ring->blk_ring;
229 
230 		BACK_RING_ATTACH(&ring->blk_rings.x86_32, sring_x86_32,
231 				 rsp_prod, XEN_PAGE_SIZE * nr_grefs);
232 		size = __RING_SIZE(sring_x86_32, XEN_PAGE_SIZE * nr_grefs);
233 		break;
234 	}
235 	case BLKIF_PROTOCOL_X86_64:
236 	{
237 		struct blkif_x86_64_sring *sring_x86_64 =
238 			(struct blkif_x86_64_sring *)ring->blk_ring;
239 
240 		BACK_RING_ATTACH(&ring->blk_rings.x86_64, sring_x86_64,
241 				 rsp_prod, XEN_PAGE_SIZE * nr_grefs);
242 		size = __RING_SIZE(sring_x86_64, XEN_PAGE_SIZE * nr_grefs);
243 		break;
244 	}
245 	default:
246 		BUG();
247 	}
248 
249 	err = -EIO;
250 	if (req_prod - rsp_prod > size)
251 		goto fail;
252 
253 	err = bind_interdomain_evtchn_to_irqhandler_lateeoi(blkif->be->dev,
254 			evtchn, xen_blkif_be_int, 0, "blkif-backend", ring);
255 	if (err < 0)
256 		goto fail;
257 	ring->irq = err;
258 
259 	return 0;
260 
261 fail:
262 	xenbus_unmap_ring_vfree(blkif->be->dev, ring->blk_ring);
263 	ring->blk_rings.common.sring = NULL;
264 	return err;
265 }
266 
267 static int xen_blkif_disconnect(struct xen_blkif *blkif)
268 {
269 	struct pending_req *req, *n;
270 	unsigned int j, r;
271 	bool busy = false;
272 
273 	for (r = 0; r < blkif->nr_rings; r++) {
274 		struct xen_blkif_ring *ring = &blkif->rings[r];
275 		unsigned int i = 0;
276 
277 		if (!ring->active)
278 			continue;
279 
280 		if (ring->xenblkd) {
281 			kthread_stop(ring->xenblkd);
282 			ring->xenblkd = NULL;
283 			wake_up(&ring->shutdown_wq);
284 		}
285 
286 		/* The above kthread_stop() guarantees that at this point we
287 		 * don't have any discard_io or other_io requests. So, checking
288 		 * for inflight IO is enough.
289 		 */
290 		if (atomic_read(&ring->inflight) > 0) {
291 			busy = true;
292 			continue;
293 		}
294 
295 		if (ring->irq) {
296 			unbind_from_irqhandler(ring->irq, ring);
297 			ring->irq = 0;
298 		}
299 
300 		if (ring->blk_rings.common.sring) {
301 			xenbus_unmap_ring_vfree(blkif->be->dev, ring->blk_ring);
302 			ring->blk_rings.common.sring = NULL;
303 		}
304 
305 		/* Remove all persistent grants and the cache of ballooned pages. */
306 		xen_blkbk_free_caches(ring);
307 
308 		/* Check that there is no request in use */
309 		list_for_each_entry_safe(req, n, &ring->pending_free, free_list) {
310 			list_del(&req->free_list);
311 
312 			for (j = 0; j < MAX_INDIRECT_SEGMENTS; j++)
313 				kfree(req->segments[j]);
314 
315 			for (j = 0; j < MAX_INDIRECT_PAGES; j++)
316 				kfree(req->indirect_pages[j]);
317 
318 			kfree(req);
319 			i++;
320 		}
321 
322 		BUG_ON(atomic_read(&ring->persistent_gnt_in_use) != 0);
323 		BUG_ON(!list_empty(&ring->persistent_purge_list));
324 		BUG_ON(!RB_EMPTY_ROOT(&ring->persistent_gnts));
325 		BUG_ON(ring->free_pages.num_pages != 0);
326 		BUG_ON(ring->persistent_gnt_c != 0);
327 		WARN_ON(i != (XEN_BLKIF_REQS_PER_PAGE * blkif->nr_ring_pages));
328 		ring->active = false;
329 	}
330 	if (busy)
331 		return -EBUSY;
332 
333 	blkif->nr_ring_pages = 0;
334 	/*
335 	 * blkif->rings was allocated in connect_ring, so we should free it in
336 	 * here.
337 	 */
338 	kfree(blkif->rings);
339 	blkif->rings = NULL;
340 	blkif->nr_rings = 0;
341 
342 	return 0;
343 }
344 
345 static void xen_blkif_free(struct xen_blkif *blkif)
346 {
347 	WARN_ON(xen_blkif_disconnect(blkif));
348 	xen_vbd_free(&blkif->vbd);
349 	kfree(blkif->be->mode);
350 	kfree(blkif->be);
351 
352 	/* Make sure everything is drained before shutting down */
353 	kmem_cache_free(xen_blkif_cachep, blkif);
354 	module_put(THIS_MODULE);
355 }
356 
357 int __init xen_blkif_interface_init(void)
358 {
359 	xen_blkif_cachep = kmem_cache_create("blkif_cache",
360 					     sizeof(struct xen_blkif),
361 					     0, 0, NULL);
362 	if (!xen_blkif_cachep)
363 		return -ENOMEM;
364 
365 	return 0;
366 }
367 
368 void xen_blkif_interface_fini(void)
369 {
370 	kmem_cache_destroy(xen_blkif_cachep);
371 	xen_blkif_cachep = NULL;
372 }
373 
374 /*
375  *  sysfs interface for VBD I/O requests
376  */
377 
378 #define VBD_SHOW_ALLRING(name, format)					\
379 	static ssize_t show_##name(struct device *_dev,			\
380 				   struct device_attribute *attr,	\
381 				   char *buf)				\
382 	{								\
383 		struct xenbus_device *dev = to_xenbus_device(_dev);	\
384 		struct backend_info *be = dev_get_drvdata(&dev->dev);	\
385 		struct xen_blkif *blkif = be->blkif;			\
386 		unsigned int i;						\
387 		unsigned long long result = 0;				\
388 									\
389 		if (!blkif->rings)				\
390 			goto out;					\
391 									\
392 		for (i = 0; i < blkif->nr_rings; i++) {		\
393 			struct xen_blkif_ring *ring = &blkif->rings[i];	\
394 									\
395 			result += ring->st_##name;			\
396 		}							\
397 									\
398 out:									\
399 		return sprintf(buf, format, result);			\
400 	}								\
401 	static DEVICE_ATTR(name, 0444, show_##name, NULL)
402 
403 VBD_SHOW_ALLRING(oo_req,  "%llu\n");
404 VBD_SHOW_ALLRING(rd_req,  "%llu\n");
405 VBD_SHOW_ALLRING(wr_req,  "%llu\n");
406 VBD_SHOW_ALLRING(f_req,  "%llu\n");
407 VBD_SHOW_ALLRING(ds_req,  "%llu\n");
408 VBD_SHOW_ALLRING(rd_sect, "%llu\n");
409 VBD_SHOW_ALLRING(wr_sect, "%llu\n");
410 
411 static struct attribute *xen_vbdstat_attrs[] = {
412 	&dev_attr_oo_req.attr,
413 	&dev_attr_rd_req.attr,
414 	&dev_attr_wr_req.attr,
415 	&dev_attr_f_req.attr,
416 	&dev_attr_ds_req.attr,
417 	&dev_attr_rd_sect.attr,
418 	&dev_attr_wr_sect.attr,
419 	NULL
420 };
421 
422 static const struct attribute_group xen_vbdstat_group = {
423 	.name = "statistics",
424 	.attrs = xen_vbdstat_attrs,
425 };
426 
427 #define VBD_SHOW(name, format, args...)					\
428 	static ssize_t show_##name(struct device *_dev,			\
429 				   struct device_attribute *attr,	\
430 				   char *buf)				\
431 	{								\
432 		struct xenbus_device *dev = to_xenbus_device(_dev);	\
433 		struct backend_info *be = dev_get_drvdata(&dev->dev);	\
434 									\
435 		return sprintf(buf, format, ##args);			\
436 	}								\
437 	static DEVICE_ATTR(name, 0444, show_##name, NULL)
438 
439 VBD_SHOW(physical_device, "%x:%x\n", be->major, be->minor);
440 VBD_SHOW(mode, "%s\n", be->mode);
441 
442 static int xenvbd_sysfs_addif(struct xenbus_device *dev)
443 {
444 	int error;
445 
446 	error = device_create_file(&dev->dev, &dev_attr_physical_device);
447 	if (error)
448 		goto fail1;
449 
450 	error = device_create_file(&dev->dev, &dev_attr_mode);
451 	if (error)
452 		goto fail2;
453 
454 	error = sysfs_create_group(&dev->dev.kobj, &xen_vbdstat_group);
455 	if (error)
456 		goto fail3;
457 
458 	return 0;
459 
460 fail3:	sysfs_remove_group(&dev->dev.kobj, &xen_vbdstat_group);
461 fail2:	device_remove_file(&dev->dev, &dev_attr_mode);
462 fail1:	device_remove_file(&dev->dev, &dev_attr_physical_device);
463 	return error;
464 }
465 
466 static void xenvbd_sysfs_delif(struct xenbus_device *dev)
467 {
468 	sysfs_remove_group(&dev->dev.kobj, &xen_vbdstat_group);
469 	device_remove_file(&dev->dev, &dev_attr_mode);
470 	device_remove_file(&dev->dev, &dev_attr_physical_device);
471 }
472 
473 static void xen_vbd_free(struct xen_vbd *vbd)
474 {
475 	if (vbd->bdev)
476 		blkdev_put(vbd->bdev, vbd->readonly ? FMODE_READ : FMODE_WRITE);
477 	vbd->bdev = NULL;
478 }
479 
480 static int xen_vbd_create(struct xen_blkif *blkif, blkif_vdev_t handle,
481 			  unsigned major, unsigned minor, int readonly,
482 			  int cdrom)
483 {
484 	struct xen_vbd *vbd;
485 	struct block_device *bdev;
486 
487 	vbd = &blkif->vbd;
488 	vbd->handle   = handle;
489 	vbd->readonly = readonly;
490 	vbd->type     = 0;
491 
492 	vbd->pdevice  = MKDEV(major, minor);
493 
494 	bdev = blkdev_get_by_dev(vbd->pdevice, vbd->readonly ?
495 				 FMODE_READ : FMODE_WRITE, NULL);
496 
497 	if (IS_ERR(bdev)) {
498 		pr_warn("xen_vbd_create: device %08x could not be opened\n",
499 			vbd->pdevice);
500 		return -ENOENT;
501 	}
502 
503 	vbd->bdev = bdev;
504 	if (vbd->bdev->bd_disk == NULL) {
505 		pr_warn("xen_vbd_create: device %08x doesn't exist\n",
506 			vbd->pdevice);
507 		xen_vbd_free(vbd);
508 		return -ENOENT;
509 	}
510 	vbd->size = vbd_sz(vbd);
511 
512 	if (cdrom || disk_to_cdi(vbd->bdev->bd_disk))
513 		vbd->type |= VDISK_CDROM;
514 	if (vbd->bdev->bd_disk->flags & GENHD_FL_REMOVABLE)
515 		vbd->type |= VDISK_REMOVABLE;
516 
517 	if (bdev_write_cache(bdev))
518 		vbd->flush_support = true;
519 	if (bdev_max_secure_erase_sectors(bdev))
520 		vbd->discard_secure = true;
521 
522 	pr_debug("Successful creation of handle=%04x (dom=%u)\n",
523 		handle, blkif->domid);
524 	return 0;
525 }
526 
527 static int xen_blkbk_remove(struct xenbus_device *dev)
528 {
529 	struct backend_info *be = dev_get_drvdata(&dev->dev);
530 
531 	pr_debug("%s %p %d\n", __func__, dev, dev->otherend_id);
532 
533 	if (be->major || be->minor)
534 		xenvbd_sysfs_delif(dev);
535 
536 	if (be->backend_watch.node) {
537 		unregister_xenbus_watch(&be->backend_watch);
538 		kfree(be->backend_watch.node);
539 		be->backend_watch.node = NULL;
540 	}
541 
542 	dev_set_drvdata(&dev->dev, NULL);
543 
544 	if (be->blkif) {
545 		xen_blkif_disconnect(be->blkif);
546 
547 		/* Put the reference we set in xen_blkif_alloc(). */
548 		xen_blkif_put(be->blkif);
549 	}
550 
551 	return 0;
552 }
553 
554 int xen_blkbk_flush_diskcache(struct xenbus_transaction xbt,
555 			      struct backend_info *be, int state)
556 {
557 	struct xenbus_device *dev = be->dev;
558 	int err;
559 
560 	err = xenbus_printf(xbt, dev->nodename, "feature-flush-cache",
561 			    "%d", state);
562 	if (err)
563 		dev_warn(&dev->dev, "writing feature-flush-cache (%d)", err);
564 
565 	return err;
566 }
567 
568 static void xen_blkbk_discard(struct xenbus_transaction xbt, struct backend_info *be)
569 {
570 	struct xenbus_device *dev = be->dev;
571 	struct xen_blkif *blkif = be->blkif;
572 	int err;
573 	int state = 0;
574 	struct block_device *bdev = be->blkif->vbd.bdev;
575 
576 	if (!xenbus_read_unsigned(dev->nodename, "discard-enable", 1))
577 		return;
578 
579 	if (bdev_max_discard_sectors(bdev)) {
580 		err = xenbus_printf(xbt, dev->nodename,
581 			"discard-granularity", "%u",
582 			bdev_discard_granularity(bdev));
583 		if (err) {
584 			dev_warn(&dev->dev, "writing discard-granularity (%d)", err);
585 			return;
586 		}
587 		err = xenbus_printf(xbt, dev->nodename,
588 			"discard-alignment", "%u",
589 			bdev_discard_alignment(bdev));
590 		if (err) {
591 			dev_warn(&dev->dev, "writing discard-alignment (%d)", err);
592 			return;
593 		}
594 		state = 1;
595 		/* Optional. */
596 		err = xenbus_printf(xbt, dev->nodename,
597 				    "discard-secure", "%d",
598 				    blkif->vbd.discard_secure);
599 		if (err) {
600 			dev_warn(&dev->dev, "writing discard-secure (%d)", err);
601 			return;
602 		}
603 	}
604 	err = xenbus_printf(xbt, dev->nodename, "feature-discard",
605 			    "%d", state);
606 	if (err)
607 		dev_warn(&dev->dev, "writing feature-discard (%d)", err);
608 }
609 
610 int xen_blkbk_barrier(struct xenbus_transaction xbt,
611 		      struct backend_info *be, int state)
612 {
613 	struct xenbus_device *dev = be->dev;
614 	int err;
615 
616 	err = xenbus_printf(xbt, dev->nodename, "feature-barrier",
617 			    "%d", state);
618 	if (err)
619 		dev_warn(&dev->dev, "writing feature-barrier (%d)", err);
620 
621 	return err;
622 }
623 
624 /*
625  * Entry point to this code when a new device is created.  Allocate the basic
626  * structures, and watch the store waiting for the hotplug scripts to tell us
627  * the device's physical major and minor numbers.  Switch to InitWait.
628  */
629 static int xen_blkbk_probe(struct xenbus_device *dev,
630 			   const struct xenbus_device_id *id)
631 {
632 	int err;
633 	struct backend_info *be = kzalloc(sizeof(struct backend_info),
634 					  GFP_KERNEL);
635 
636 	/* match the pr_debug in xen_blkbk_remove */
637 	pr_debug("%s %p %d\n", __func__, dev, dev->otherend_id);
638 
639 	if (!be) {
640 		xenbus_dev_fatal(dev, -ENOMEM,
641 				 "allocating backend structure");
642 		return -ENOMEM;
643 	}
644 	be->dev = dev;
645 	dev_set_drvdata(&dev->dev, be);
646 
647 	be->blkif = xen_blkif_alloc(dev->otherend_id);
648 	if (IS_ERR(be->blkif)) {
649 		err = PTR_ERR(be->blkif);
650 		be->blkif = NULL;
651 		xenbus_dev_fatal(dev, err, "creating block interface");
652 		goto fail;
653 	}
654 
655 	err = xenbus_printf(XBT_NIL, dev->nodename,
656 			    "feature-max-indirect-segments", "%u",
657 			    MAX_INDIRECT_SEGMENTS);
658 	if (err)
659 		dev_warn(&dev->dev,
660 			 "writing %s/feature-max-indirect-segments (%d)",
661 			 dev->nodename, err);
662 
663 	/* Multi-queue: advertise how many queues are supported by us.*/
664 	err = xenbus_printf(XBT_NIL, dev->nodename,
665 			    "multi-queue-max-queues", "%u", xenblk_max_queues);
666 	if (err)
667 		pr_warn("Error writing multi-queue-max-queues\n");
668 
669 	/* setup back pointer */
670 	be->blkif->be = be;
671 
672 	err = xenbus_watch_pathfmt(dev, &be->backend_watch, NULL,
673 				   backend_changed,
674 				   "%s/%s", dev->nodename, "physical-device");
675 	if (err)
676 		goto fail;
677 
678 	err = xenbus_printf(XBT_NIL, dev->nodename, "max-ring-page-order", "%u",
679 			    xen_blkif_max_ring_order);
680 	if (err)
681 		pr_warn("%s write out 'max-ring-page-order' failed\n", __func__);
682 
683 	err = xenbus_switch_state(dev, XenbusStateInitWait);
684 	if (err)
685 		goto fail;
686 
687 	return 0;
688 
689 fail:
690 	pr_warn("%s failed\n", __func__);
691 	xen_blkbk_remove(dev);
692 	return err;
693 }
694 
695 /*
696  * Callback received when the hotplug scripts have placed the physical-device
697  * node.  Read it and the mode node, and create a vbd.  If the frontend is
698  * ready, connect.
699  */
700 static void backend_changed(struct xenbus_watch *watch,
701 			    const char *path, const char *token)
702 {
703 	int err;
704 	unsigned major;
705 	unsigned minor;
706 	struct backend_info *be
707 		= container_of(watch, struct backend_info, backend_watch);
708 	struct xenbus_device *dev = be->dev;
709 	int cdrom = 0;
710 	unsigned long handle;
711 	char *device_type;
712 
713 	pr_debug("%s %p %d\n", __func__, dev, dev->otherend_id);
714 
715 	err = xenbus_scanf(XBT_NIL, dev->nodename, "physical-device", "%x:%x",
716 			   &major, &minor);
717 	if (XENBUS_EXIST_ERR(err)) {
718 		/*
719 		 * Since this watch will fire once immediately after it is
720 		 * registered, we expect this.  Ignore it, and wait for the
721 		 * hotplug scripts.
722 		 */
723 		return;
724 	}
725 	if (err != 2) {
726 		xenbus_dev_fatal(dev, err, "reading physical-device");
727 		return;
728 	}
729 
730 	if (be->major | be->minor) {
731 		if (be->major != major || be->minor != minor)
732 			pr_warn("changing physical device (from %x:%x to %x:%x) not supported.\n",
733 				be->major, be->minor, major, minor);
734 		return;
735 	}
736 
737 	be->mode = xenbus_read(XBT_NIL, dev->nodename, "mode", NULL);
738 	if (IS_ERR(be->mode)) {
739 		err = PTR_ERR(be->mode);
740 		be->mode = NULL;
741 		xenbus_dev_fatal(dev, err, "reading mode");
742 		return;
743 	}
744 
745 	device_type = xenbus_read(XBT_NIL, dev->otherend, "device-type", NULL);
746 	if (!IS_ERR(device_type)) {
747 		cdrom = strcmp(device_type, "cdrom") == 0;
748 		kfree(device_type);
749 	}
750 
751 	/* Front end dir is a number, which is used as the handle. */
752 	err = kstrtoul(strrchr(dev->otherend, '/') + 1, 0, &handle);
753 	if (err) {
754 		kfree(be->mode);
755 		be->mode = NULL;
756 		return;
757 	}
758 
759 	be->major = major;
760 	be->minor = minor;
761 
762 	err = xen_vbd_create(be->blkif, handle, major, minor,
763 			     !strchr(be->mode, 'w'), cdrom);
764 
765 	if (err)
766 		xenbus_dev_fatal(dev, err, "creating vbd structure");
767 	else {
768 		err = xenvbd_sysfs_addif(dev);
769 		if (err) {
770 			xen_vbd_free(&be->blkif->vbd);
771 			xenbus_dev_fatal(dev, err, "creating sysfs entries");
772 		}
773 	}
774 
775 	if (err) {
776 		kfree(be->mode);
777 		be->mode = NULL;
778 		be->major = 0;
779 		be->minor = 0;
780 	} else {
781 		/* We're potentially connected now */
782 		xen_update_blkif_status(be->blkif);
783 	}
784 }
785 
786 /*
787  * Callback received when the frontend's state changes.
788  */
789 static void frontend_changed(struct xenbus_device *dev,
790 			     enum xenbus_state frontend_state)
791 {
792 	struct backend_info *be = dev_get_drvdata(&dev->dev);
793 	int err;
794 
795 	pr_debug("%s %p %s\n", __func__, dev, xenbus_strstate(frontend_state));
796 
797 	switch (frontend_state) {
798 	case XenbusStateInitialising:
799 		if (dev->state == XenbusStateClosed) {
800 			pr_info("%s: prepare for reconnect\n", dev->nodename);
801 			xenbus_switch_state(dev, XenbusStateInitWait);
802 		}
803 		break;
804 
805 	case XenbusStateInitialised:
806 	case XenbusStateConnected:
807 		/*
808 		 * Ensure we connect even when two watches fire in
809 		 * close succession and we miss the intermediate value
810 		 * of frontend_state.
811 		 */
812 		if (dev->state == XenbusStateConnected)
813 			break;
814 
815 		/*
816 		 * Enforce precondition before potential leak point.
817 		 * xen_blkif_disconnect() is idempotent.
818 		 */
819 		err = xen_blkif_disconnect(be->blkif);
820 		if (err) {
821 			xenbus_dev_fatal(dev, err, "pending I/O");
822 			break;
823 		}
824 
825 		err = connect_ring(be);
826 		if (err) {
827 			/*
828 			 * Clean up so that memory resources can be used by
829 			 * other devices. connect_ring reported already error.
830 			 */
831 			xen_blkif_disconnect(be->blkif);
832 			break;
833 		}
834 		xen_update_blkif_status(be->blkif);
835 		break;
836 
837 	case XenbusStateClosing:
838 		xenbus_switch_state(dev, XenbusStateClosing);
839 		break;
840 
841 	case XenbusStateClosed:
842 		xen_blkif_disconnect(be->blkif);
843 		xenbus_switch_state(dev, XenbusStateClosed);
844 		if (xenbus_dev_is_online(dev))
845 			break;
846 		fallthrough;
847 		/* if not online */
848 	case XenbusStateUnknown:
849 		/* implies xen_blkif_disconnect() via xen_blkbk_remove() */
850 		device_unregister(&dev->dev);
851 		break;
852 
853 	default:
854 		xenbus_dev_fatal(dev, -EINVAL, "saw state %d at frontend",
855 				 frontend_state);
856 		break;
857 	}
858 }
859 
860 /* Once a memory pressure is detected, squeeze free page pools for a while. */
861 static unsigned int buffer_squeeze_duration_ms = 10;
862 module_param_named(buffer_squeeze_duration_ms,
863 		buffer_squeeze_duration_ms, int, 0644);
864 MODULE_PARM_DESC(buffer_squeeze_duration_ms,
865 "Duration in ms to squeeze pages buffer when a memory pressure is detected");
866 
867 /*
868  * Callback received when the memory pressure is detected.
869  */
870 static void reclaim_memory(struct xenbus_device *dev)
871 {
872 	struct backend_info *be = dev_get_drvdata(&dev->dev);
873 
874 	if (!be)
875 		return;
876 	be->blkif->buffer_squeeze_end = jiffies +
877 		msecs_to_jiffies(buffer_squeeze_duration_ms);
878 }
879 
880 /* ** Connection ** */
881 
882 /*
883  * Write the physical details regarding the block device to the store, and
884  * switch to Connected state.
885  */
886 static void connect(struct backend_info *be)
887 {
888 	struct xenbus_transaction xbt;
889 	int err;
890 	struct xenbus_device *dev = be->dev;
891 
892 	pr_debug("%s %s\n", __func__, dev->otherend);
893 
894 	/* Supply the information about the device the frontend needs */
895 again:
896 	err = xenbus_transaction_start(&xbt);
897 	if (err) {
898 		xenbus_dev_fatal(dev, err, "starting transaction");
899 		return;
900 	}
901 
902 	/* If we can't advertise it is OK. */
903 	xen_blkbk_flush_diskcache(xbt, be, be->blkif->vbd.flush_support);
904 
905 	xen_blkbk_discard(xbt, be);
906 
907 	xen_blkbk_barrier(xbt, be, be->blkif->vbd.flush_support);
908 
909 	err = xenbus_printf(xbt, dev->nodename, "feature-persistent", "%u",
910 			be->blkif->vbd.feature_gnt_persistent_parm);
911 	if (err) {
912 		xenbus_dev_fatal(dev, err, "writing %s/feature-persistent",
913 				 dev->nodename);
914 		goto abort;
915 	}
916 
917 	err = xenbus_printf(xbt, dev->nodename, "sectors", "%llu",
918 			    (unsigned long long)vbd_sz(&be->blkif->vbd));
919 	if (err) {
920 		xenbus_dev_fatal(dev, err, "writing %s/sectors",
921 				 dev->nodename);
922 		goto abort;
923 	}
924 
925 	/* FIXME: use a typename instead */
926 	err = xenbus_printf(xbt, dev->nodename, "info", "%u",
927 			    be->blkif->vbd.type |
928 			    (be->blkif->vbd.readonly ? VDISK_READONLY : 0));
929 	if (err) {
930 		xenbus_dev_fatal(dev, err, "writing %s/info",
931 				 dev->nodename);
932 		goto abort;
933 	}
934 	err = xenbus_printf(xbt, dev->nodename, "sector-size", "%lu",
935 			    (unsigned long)
936 			    bdev_logical_block_size(be->blkif->vbd.bdev));
937 	if (err) {
938 		xenbus_dev_fatal(dev, err, "writing %s/sector-size",
939 				 dev->nodename);
940 		goto abort;
941 	}
942 	err = xenbus_printf(xbt, dev->nodename, "physical-sector-size", "%u",
943 			    bdev_physical_block_size(be->blkif->vbd.bdev));
944 	if (err)
945 		xenbus_dev_error(dev, err, "writing %s/physical-sector-size",
946 				 dev->nodename);
947 
948 	err = xenbus_transaction_end(xbt, 0);
949 	if (err == -EAGAIN)
950 		goto again;
951 	if (err)
952 		xenbus_dev_fatal(dev, err, "ending transaction");
953 
954 	err = xenbus_switch_state(dev, XenbusStateConnected);
955 	if (err)
956 		xenbus_dev_fatal(dev, err, "%s: switching to Connected state",
957 				 dev->nodename);
958 
959 	return;
960  abort:
961 	xenbus_transaction_end(xbt, 1);
962 }
963 
964 /*
965  * Each ring may have multi pages, depends on "ring-page-order".
966  */
967 static int read_per_ring_refs(struct xen_blkif_ring *ring, const char *dir)
968 {
969 	unsigned int ring_ref[XENBUS_MAX_RING_GRANTS];
970 	struct pending_req *req, *n;
971 	int err, i, j;
972 	struct xen_blkif *blkif = ring->blkif;
973 	struct xenbus_device *dev = blkif->be->dev;
974 	unsigned int nr_grefs, evtchn;
975 
976 	err = xenbus_scanf(XBT_NIL, dir, "event-channel", "%u",
977 			  &evtchn);
978 	if (err != 1) {
979 		err = -EINVAL;
980 		xenbus_dev_fatal(dev, err, "reading %s/event-channel", dir);
981 		return err;
982 	}
983 
984 	nr_grefs = blkif->nr_ring_pages;
985 
986 	if (unlikely(!nr_grefs)) {
987 		WARN_ON(true);
988 		return -EINVAL;
989 	}
990 
991 	for (i = 0; i < nr_grefs; i++) {
992 		char ring_ref_name[RINGREF_NAME_LEN];
993 
994 		if (blkif->multi_ref)
995 			snprintf(ring_ref_name, RINGREF_NAME_LEN, "ring-ref%u", i);
996 		else {
997 			WARN_ON(i != 0);
998 			snprintf(ring_ref_name, RINGREF_NAME_LEN, "ring-ref");
999 		}
1000 
1001 		err = xenbus_scanf(XBT_NIL, dir, ring_ref_name,
1002 				   "%u", &ring_ref[i]);
1003 
1004 		if (err != 1) {
1005 			err = -EINVAL;
1006 			xenbus_dev_fatal(dev, err, "reading %s/%s",
1007 					 dir, ring_ref_name);
1008 			return err;
1009 		}
1010 	}
1011 
1012 	err = -ENOMEM;
1013 	for (i = 0; i < nr_grefs * XEN_BLKIF_REQS_PER_PAGE; i++) {
1014 		req = kzalloc(sizeof(*req), GFP_KERNEL);
1015 		if (!req)
1016 			goto fail;
1017 		list_add_tail(&req->free_list, &ring->pending_free);
1018 		for (j = 0; j < MAX_INDIRECT_SEGMENTS; j++) {
1019 			req->segments[j] = kzalloc(sizeof(*req->segments[0]), GFP_KERNEL);
1020 			if (!req->segments[j])
1021 				goto fail;
1022 		}
1023 		for (j = 0; j < MAX_INDIRECT_PAGES; j++) {
1024 			req->indirect_pages[j] = kzalloc(sizeof(*req->indirect_pages[0]),
1025 							 GFP_KERNEL);
1026 			if (!req->indirect_pages[j])
1027 				goto fail;
1028 		}
1029 	}
1030 
1031 	/* Map the shared frame, irq etc. */
1032 	err = xen_blkif_map(ring, ring_ref, nr_grefs, evtchn);
1033 	if (err) {
1034 		xenbus_dev_fatal(dev, err, "mapping ring-ref port %u", evtchn);
1035 		goto fail;
1036 	}
1037 
1038 	return 0;
1039 
1040 fail:
1041 	list_for_each_entry_safe(req, n, &ring->pending_free, free_list) {
1042 		list_del(&req->free_list);
1043 		for (j = 0; j < MAX_INDIRECT_SEGMENTS; j++) {
1044 			if (!req->segments[j])
1045 				break;
1046 			kfree(req->segments[j]);
1047 		}
1048 		for (j = 0; j < MAX_INDIRECT_PAGES; j++) {
1049 			if (!req->indirect_pages[j])
1050 				break;
1051 			kfree(req->indirect_pages[j]);
1052 		}
1053 		kfree(req);
1054 	}
1055 	return err;
1056 }
1057 
1058 static int connect_ring(struct backend_info *be)
1059 {
1060 	struct xenbus_device *dev = be->dev;
1061 	struct xen_blkif *blkif = be->blkif;
1062 	char protocol[64] = "";
1063 	int err, i;
1064 	char *xspath;
1065 	size_t xspathsize;
1066 	const size_t xenstore_path_ext_size = 11; /* sufficient for "/queue-NNN" */
1067 	unsigned int requested_num_queues = 0;
1068 	unsigned int ring_page_order;
1069 
1070 	pr_debug("%s %s\n", __func__, dev->otherend);
1071 
1072 	blkif->blk_protocol = BLKIF_PROTOCOL_DEFAULT;
1073 	err = xenbus_scanf(XBT_NIL, dev->otherend, "protocol",
1074 			   "%63s", protocol);
1075 	if (err <= 0)
1076 		strcpy(protocol, "unspecified, assuming default");
1077 	else if (0 == strcmp(protocol, XEN_IO_PROTO_ABI_NATIVE))
1078 		blkif->blk_protocol = BLKIF_PROTOCOL_NATIVE;
1079 	else if (0 == strcmp(protocol, XEN_IO_PROTO_ABI_X86_32))
1080 		blkif->blk_protocol = BLKIF_PROTOCOL_X86_32;
1081 	else if (0 == strcmp(protocol, XEN_IO_PROTO_ABI_X86_64))
1082 		blkif->blk_protocol = BLKIF_PROTOCOL_X86_64;
1083 	else {
1084 		xenbus_dev_fatal(dev, err, "unknown fe protocol %s", protocol);
1085 		return -ENOSYS;
1086 	}
1087 
1088 	blkif->vbd.feature_gnt_persistent_parm = feature_persistent;
1089 	blkif->vbd.feature_gnt_persistent =
1090 		blkif->vbd.feature_gnt_persistent_parm &&
1091 		xenbus_read_unsigned(dev->otherend, "feature-persistent", 0);
1092 
1093 	blkif->vbd.overflow_max_grants = 0;
1094 
1095 	/*
1096 	 * Read the number of hardware queues from frontend.
1097 	 */
1098 	requested_num_queues = xenbus_read_unsigned(dev->otherend,
1099 						    "multi-queue-num-queues",
1100 						    1);
1101 	if (requested_num_queues > xenblk_max_queues
1102 	    || requested_num_queues == 0) {
1103 		/* Buggy or malicious guest. */
1104 		xenbus_dev_fatal(dev, err,
1105 				"guest requested %u queues, exceeding the maximum of %u.",
1106 				requested_num_queues, xenblk_max_queues);
1107 		return -ENOSYS;
1108 	}
1109 	blkif->nr_rings = requested_num_queues;
1110 	if (xen_blkif_alloc_rings(blkif))
1111 		return -ENOMEM;
1112 
1113 	pr_info("%s: using %d queues, protocol %d (%s) %s\n", dev->nodename,
1114 		 blkif->nr_rings, blkif->blk_protocol, protocol,
1115 		 blkif->vbd.feature_gnt_persistent ? "persistent grants" : "");
1116 
1117 	err = xenbus_scanf(XBT_NIL, dev->otherend, "ring-page-order", "%u",
1118 			   &ring_page_order);
1119 	if (err != 1) {
1120 		blkif->nr_ring_pages = 1;
1121 		blkif->multi_ref = false;
1122 	} else if (ring_page_order <= xen_blkif_max_ring_order) {
1123 		blkif->nr_ring_pages = 1 << ring_page_order;
1124 		blkif->multi_ref = true;
1125 	} else {
1126 		err = -EINVAL;
1127 		xenbus_dev_fatal(dev, err,
1128 				 "requested ring page order %d exceed max:%d",
1129 				 ring_page_order,
1130 				 xen_blkif_max_ring_order);
1131 		return err;
1132 	}
1133 
1134 	if (blkif->nr_rings == 1)
1135 		return read_per_ring_refs(&blkif->rings[0], dev->otherend);
1136 	else {
1137 		xspathsize = strlen(dev->otherend) + xenstore_path_ext_size;
1138 		xspath = kmalloc(xspathsize, GFP_KERNEL);
1139 		if (!xspath) {
1140 			xenbus_dev_fatal(dev, -ENOMEM, "reading ring references");
1141 			return -ENOMEM;
1142 		}
1143 
1144 		for (i = 0; i < blkif->nr_rings; i++) {
1145 			memset(xspath, 0, xspathsize);
1146 			snprintf(xspath, xspathsize, "%s/queue-%u", dev->otherend, i);
1147 			err = read_per_ring_refs(&blkif->rings[i], xspath);
1148 			if (err) {
1149 				kfree(xspath);
1150 				return err;
1151 			}
1152 		}
1153 		kfree(xspath);
1154 	}
1155 	return 0;
1156 }
1157 
1158 static const struct xenbus_device_id xen_blkbk_ids[] = {
1159 	{ "vbd" },
1160 	{ "" }
1161 };
1162 
1163 static struct xenbus_driver xen_blkbk_driver = {
1164 	.ids  = xen_blkbk_ids,
1165 	.probe = xen_blkbk_probe,
1166 	.remove = xen_blkbk_remove,
1167 	.otherend_changed = frontend_changed,
1168 	.allow_rebind = true,
1169 	.reclaim_memory = reclaim_memory,
1170 };
1171 
1172 int xen_blkif_xenbus_init(void)
1173 {
1174 	return xenbus_register_backend(&xen_blkbk_driver);
1175 }
1176 
1177 void xen_blkif_xenbus_fini(void)
1178 {
1179 	xenbus_unregister_driver(&xen_blkbk_driver);
1180 }
1181